- Twitter said for 45 of those accounts, the attackers were able to initiate a password reset, login to the account and send Tweets.
- For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information via "Your Twitter Data" tool.
- The company said it will soon restore access for all account owners who may still be locked out as a result of the remediation efforts.
Twitter on Saturday said they are embarrassed, disappointed and, more than anything, sorry for what happened with some of its high-profile users as attackers successfully manipulated its employees and used their credentials to access internal systems, including getting through the two-factor protections.
In the first detailed summary of the "social engineering attack" via a
crypto scam that hit at least 130 users this week, Twitter said for 45 of those accounts, the attackers were able to initiate a password reset, login to the account and send Tweets.
"We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames," the micro-blogging platform said in a statement.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information via "Your Twitter Data" tool.
This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity.
"We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts," said Twitter.
The company said the attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
"Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools," informed Twitter.
In cases where an account was taken over by the attacker, they may have been able to view additional information, Twitter added, saying its forensic investigation of these activities was still ongoing.
"We are actively working on communicating directly with the account-holders that were impacted".
The company said it will soon restore access for all account owners who may still be locked out as a result of the remediation efforts.
The New York Times reported on Friday that the
Twitter crypto scam can be traced back to a group of hackers who congregate online at OGusers.com, a username-swapping community where people buy and sell coveted online handles.
The report said that the
Twitter hack is not from Russian, Chinese or North Korean hackers but was done by a group of young people, "one of whom says he lives at home with his mother".
Next Story
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
Experts warn of rising temperatures in Bengaluru as Phase 2 of Lok Sabha elections draws near
Axis Bank posts net profit of ₹7,129 cr in March quarter
7 Best tourist places to visit in Rishikesh in 2024
From underdog to Bill Gates-sponsored superfood: Have millets finally managed to make a comeback?
7 Things to do on your next trip to Rishikesh
